---
layout: commands
page_title: 'Commands: ACL Auth Method Create'
---

# Consul ACL Auth Method Create

Command: `consul acl auth-method create`

The `acl auth-method create` command creates new auth methods.

## Usage

Usage: `consul acl auth-method create [options] [args]`

#### API Options

@include 'http_api_options_client.mdx'

@include 'http_api_options_server.mdx'

#### Command Options

- `-description=<string>` - A description of the auth method.

- `-meta` - Indicates that auth method metadata such as the raft indices should
  be shown for each entry.

- `-name=<string>` - The new auth method's name. This flag is required.

- `-type=<string>` - The new auth method's type. This flag is required.

- `-display-name=<string>` - An optional name to use instead of the name when
  displaying this auth method in a UI. Added in Consul 1.8.0.

- `-max-token-ttl=<duration>` - Duration of time all tokens created by this
  auth method should be valid for. Added in Consul 1.8.0.

- `-token-locality=<string>` - Defines the kind of token that this auth method
  should produce. This can be either 'local' or 'global'. If empty the value of
  'local' is assumed. Added in Consul 1.8.0.

- `-config=<string>` - The configuration for the auth method. Must be JSON. May
  be prefixed with '@' to indicate that the value is a file path to load the
  config from. '-' may also be given to indicate that the config is available on
  stdin. Added in Consul 1.8.0.

- `-kubernetes-ca-cert=<string>` - PEM encoded CA cert for use by the TLS
  client used to talk with the Kubernetes API. May be prefixed with '@' to
  indicate that the value is a file path to load the cert from. This flag is
  required for `-type=kubernetes`.

- `-kubernetes-host=<string>` - Address of the Kubernetes API server. This flag
  is required for `-type=kubernetes`.

- `-kubernetes-service-account-jwt=<string>` - A Kubernetes service account JWT
  used to access the TokenReview API to validate other JWTs during login. This
  flag is required for `-type=kubernetes`.

- `-format={pretty|json}` - Command output format. The default value is `pretty`.

#### Enterprise Options

@include 'http_api_namespace_options.mdx'

- `-namespace-rule-bind-namespace=<value>` - Namespace to bind on match. Can
  use `${var}` interpolation. Added in Consul 1.8.0.

- `-namespace-rule-selector=<value>` - An expression that matches against
  verified identity attributes returned from the auth method during login to
  determine if the namespace rule applies. Added in Consul 1.8.0.

## Examples

Create a new Kubernetes auth method:

```shell-session
$ consul acl auth-method create -name minikube -type kubernetes \
    -description 'minikube auth method' \
    -kubernetes-host 'https://192.0.2.42:8443' \
    -kubernetes-ca-cert '@minikube-ca.crt' \
    -kubernetes-service-account-jwt 'eyJhbGciOiJSUzI1NiIsImtpZCI...'
Name:         minikube
Type:         kubernetes
Description:  minikube auth method
Config:
{
  "CACert": "-----BEGIN CERTIFICATE-----\n...-----END CERTIFICATE-----\n",
  "Host": "https://192.0.2.42:8443",
  "ServiceAccountJWT": "eyJhbGciOiJSUzI1NiIsImtpZCI..."
}
```
